Infracore LLC Blog

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like Infracore LLC are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to Infracore LLC at (858) 509-1970.

Tip of the Week: A Secure 2018 Relies on Powerful ...
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, October 20 2018

Captcha Image

Tag Cloud

Tip of the Week Security Technology Privacy Best Practices Cloud Network Security Business computing Hackers Google Malware Software Microsoft Innovation Internet Data Hardware Smartphones Tech Term Backup Email Hosted Solutions Windows 10 Browser Business VoIP Mobile Devices Computer Android Business Continuity Managed IT Services User Tips Alert Data Backup Workplace Tips Small Business IT Services Smartphone Ransomware Outsourced IT Office Business Management Communications Computers Disaster Recovery Cloud Computing Productivity Miscellaneous Efficiency Cybercrime Law Enforcement Data Recovery Artificial Intelligence Communication Internet of Things Managed IT Services Productivity Money Passwords Windows 10 Telephone Systems Password How To Applications Facebook Virtualization Social Media Windows Collaboration Cybersecurity Chrome Network Router Upgrade App Health Office 365 Gadgets Social Engineering Work/Life Balance Saving Money Server Quick Tips Information Microsoft Office Vulnerability Hacking Bring Your Own Device Spam Save Money Wi-Fi Data Protection Holiday Mobile Device Management Keyboard Private Cloud Two-factor Authentication Apps Phishing Google Drive HaaS Scam Data Breach Connectivity Automation Office Tips IT Support Data Security Word IT Support History Fraud Remote Computing Managed IT Electronic Medical Records BDR Samsung Paperless Office Comparison Training Flexibility Windows 7 Bandwidth Entertainment Website CES Settings Managed Service BYOD USB Value Legal PDF Virtual Assistant Data Storage Mobility Automobile Firewall Networking Content Management Employer-Employee Relationship OneNote Managed Service Provider Telephone System IT Management Business Intelligence Charger Sports Data Management Redundancy Government Avoiding Downtime Blockchain Spam Blocking Patch Management Update Identity Theft Mobile Device Marketing IT Plan Cleaning Encryption Public Cloud Infrastructure Worker Operating System Battery Big Data Unsupported Software Computer Care VPN Remote Monitoring End of Support Google Docs Employer Employee Relationship Remote Worker Education HBO Books Assessment Access Control Servers Root Cause Analysis Business Mangement IT Consultant Conferencing Black Market Software Tips Wearable Technology Accountants FENG Telephony Apple Safe Mode Cast Staff Wireless Internet Warranty Internet exploMicrosoft Benefits Cortana Thought Leadership Computer Accessories Wiring Computing Infrastructure Outlook Amazon Television Authentication HVAC Scalability Botnet Gmail Leadership Emails Telecommuting Machine Learning Skype iPhone Wireless Specifications Vendor Management Wire Printer Solid State Drive Flash Advertising Google Apps Voice over Internet Protocol Bluetooth Unified Threat Management Frequently Asked Questions Relocation User Error Emergency Amazon Web Services Public Computer Nanotechnology Enterprise Content Management Meetings Travel Recovery Save Time Recycling MSP Troubleshooting Remote Work Loyalty Practices YouTube Best Practice Start Menu Monitor Digital Signature Mouse Audit Smart Technology Workers Current Events Addiction Mobile Computing Techology Users Excel Online Shopping Smart Tech Password Management Information Technology eWaste File Sharing IT solutions Physical Security SaaS Hosted Computing Content Tools Search Experience Millennials Smart Office Computer Fan Sync Two Factor Authentication Knowledge Cache NIST Instant Messaging Data loss Risk Management Multi-Factor Security HIPAA Camera Virtual Reality Tip of the week Humor Internet Exlporer Evernote Hiring/Firing Criminal Augmented Reality Files Credit Cards Inventory Video Games Downtime Audiobook Password Manager Network Congestion webinar How to Data storage Music Workforce Document Management The Internet of Things Hybrid Cloud Cryptocurrency Screen Mirroring Politics Trending Rootkit Human Resources Windows 10s Worker Commute Windows Server 2008 Transportation Wireless Charging Safety Devices Thank You Twitter Congratulations Webinar Company Culture CrashOverride Compliance Administrator WiFi Managing Stress Regulation Printers

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

JeffreyKGuertin Tech Term: Modems and Routers Defined
18 October 2018
Thank you so much for defining here the modems and routers to give us better information about this....
Shay Stuart How the Convenience of The Internet of Things Can Come Back to Bite Us
17 October 2018
This is a very important share that delivers facts about the utilization of internet tools in differ...
Isla Tait It Pays to Outsource Your IT
15 October 2018
New IT project that show us a new outcome that has been to prepare this setup that was god to know o...
ClarenceEHaynes 11 Ways to Enhance Android Security
15 October 2018
I really impressed from your working, after reading this 11 ways to enhance android security and dis...
technicalsupport VoIP Delivers Benefits That a Traditional Phone System Can’t
13 October 2018
http://Www.Office.Com/Setup | Microsoft http://Office.Com/Setup :- Office setup suite is an importan...